ROXBURGH, et al. 
Serial No. 10/594,124 

REMARKS/ARGUMENTS 

This is in response to the Office Action dated November 19, 2009. Claims 2-6, 8 and 16- 
18 are pending and stand rejected in the outstanding Office Action. 

The rejection of claims 2-6, 8 and 16-18 under 35 U.S.C. §1 12, first paragraph, as 
allegedly failing to comply with the written description requirement, is respectfully traversed. 

More specifically, the Examiner asserted that the limitation "the gateway including 
notification means for initiating an unauthenticated and unencrypted connection to one or more 
of the application hosting sub-systems and transmitting over this or each such connection a 
notification for notifying said one or more of the application hosting sub-systems that it should 
initiate a secure authenticated connection with the gateway when the notification means is 
requested so to do by any one of the services offered by the first sub-system" of claim 16, and 
the limitation "initiating from the notification means to the application hosting sub-system an 
unauthenticated and unencrypted connection and transmitting over this connection the 
notification for notifying said application hosting sub-system that it should initiate a secure 
authenticated connection with the gateway" of claim 17, do not have support in the instant 
specification. 

Applicant respectfully directs the Examiner's attention to p. 11, lines 13-16 of the instant 
specification. Said section recites "As a result of the processing performed by notification server 
220, the notification server 220 initiates a simple (unauthenticated and unencrypted) TCP/IP 
connection 450 with listener 1 12 and transmits over this connection a notification (the nature of 
which will be described in greater detail below) to listener 1 12". This section teaches that the 
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notification means sets up an unauthenticated and unencrypted connection and then it transmits a 
notification message over this connection. 

Moreover, p. 1 1, lines 18-22, of the instant specification ("Upon receipt of the 
notification, listener 1 12 forwards this notification via forward notification communication 455 
to a notification processing module (not shown) within the main (client application specific) part 
1 1 of the application 1 10 which processes the notification and thereby establishes that it should 
attempt to contact the SMS service plug-in 257"), teaches that the notification is sent as a result 
of being requested to do so by any of the services (e.g., the SMS service 257). 

In view of the above-noted portions (pg. 11, lines 13-16 and 18-22) in the instant 
specification, the above-noted claim limitations are supported by the instant specification. 
Claims 2-6, 8 and 16-18 therefore fully comply with 35 U.S.C. §112, first paragraph. 

The rejection of independent claim 16 under 35 U.S.C. § 103(a), as allegedly being 
unpatentable over Grantges, Jr. et al. (US 6,510,464) in view of Wilding et al. (US 
2005/0050329), is respectfully traversed. 

The Examiner acknowledged that Grantges does not disclose the feature "the gateway 
including notification means for initiating an unauthenticated and unencrypted connection to one 
or more of the application hosting sub-systems and transmitting over this or each such 
connection a notification for notifying said one or more of the application hosting sub-systems 
that it should initiate a secure authenticated connection with the gateway (emphasis is added)", 
and turned to Wilding for the missing limitations. 
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Wilding discloses a method such that a customer system 102 can establish a secure 
connection with an organization system 104 using a public network, allowing the customer 
system 102 to communicate with the organization system 104 in a secure manner, while 
authenticating the identity of the customer system 102 to the organization system 104 and vice 
versa (Fig. 1). According to the method, once the customer has registered with the server, the 
customer system initiates a connection , [0028]. A temporary Server Public Key is sent from the 
service gateway to the customer system using the TCP connection initiated by the customer 
system. A series of encryption packages is sent back and forth between the gateway and the 
customer system over this TCP connection initiated by the customer system, until a remote, 
secure authenticated and encrypted connection has been established between the service client 
108 and the service gateway 1 10. 

The Examiner asserted that the process "starting from the step of transmitting the 
Temporary Server Public Key from the service gateway 1 10 to the service client 108 (i.e., 
interpreted as a notification to verify the authenticated information); until the step of establishing 
secure, authenticated and encrypted connection between the service gateway 1 10 and the service 
client 108" disclosed by Wilding reads on the above missing limitation, see p. 6 of the Office 
Action. 

The Examiner's assertion is not true. In Wilding, it is clear from paragraph [0028] 
("Once the customer has registered with the server, a remote service session can be established. 
Referring to FIGS. 3A-3B, a flow chart illustrating the steps for establishing a remote session is 
shown. In step 302, the customer system initiates a connection . The service client 108 establishes 
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a Transmission Control Protocol/Internet Protocol (TCP/IP) connection, or session, to the service 
gateway 110. This is similar to having the customer use the telnet protocol to connect to a remote 
system through the Internet, although the following steps ensure a much higher level of security 
than a telnet connection"), emphasis added, that the connection is initiated by the customer 
system. All the encryption packages being sent back and forth between the customer and the 
service gateway are sent over the TCP connection initiated by the customer system . 

In contrast, claim 16 requires "the gateway including notification means for initiating an 
unauthenticated and unencrypted connection to one or more of the application hosting sub- 
systems". In other words, in the invention of claim 1 6, it is the gateway that initiates an 
unauthenticated and unencrypted connection to one or more of the application hosting sub- 
systems, not the one or more of the application hosting sub-systems. 

Moreover, regarding Grantges, the Examiner identified an "options page" being sent by 
gateway web server 44 in a message 78 to client computer 22 (Fig. 2), the "options page" 
presenting a list of authorized applications 24i, 24 2 . . .24 3 for selection by user 1 8 of client 
computer 22, as the claimed "when the notification means is requested so to do by any one of the 
services offered by the first sub-system", see p. 6 of the Office Action. 

However, even assuming arguendo (which Applicant does not believe to be the case) that 
message 78 including an "options page" corresponds to "notification means", this cannot be 
interpreted as it being requested by any one of the services offered by the first sub-system 
(identified as the applications 24i, 24 2 . . .24 3 by the Examiner), as required by claim 16. Instead, 
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in Grantges, the notification is requested by the user 18 (which was identified by the Examiner as 
the claimed application hosting sub-system). 

Further, it is clear in Grantges, e.g., col. 8, lines 18-20 ("User 18, via client computer 22, 
through its web browser, initiates a request 64 for authentication. . ."), that the connection is 
initiated by the user . Thereafter, information is passed back and forth using the connection, but 
it is not initiated by the web server 44 (corresponding to the claimed gateway including 
notification means), as required by claim 16 ("the gateway including notification means for 
initiating an unauthenticated and unencrypted connection to one or more of the application 
hosting sub-systems (emphasis is added)"). 

Finally, one of ordinary skill in the art would not have looked into modifying Grantges in 
order to include notification means. In Grantges, there is no perceived need for notifications to 
be sent to the users 18. This is because the services provided by applications 1, 2 and 3 are 
conventional services adhering to a classic client/server model where servers simply respond to 
an input request from a client. The only mention of applications in Grantges (col. 5, lines 24-30) 
does not suggest that they might ever need to send a notification to a user, nor, accordingly is 
there any discussion of any mechanism for sending such notifications. 

For the above reasons, claim 16 is allowable. Claim 17 includes limitations similar to 
those of claim 16 and is also allowable. 

It is respectfully requested that the rejection of claims 2-6, 8 and 18, all dependent form 
claim 16 or 17, also be withdrawn. 
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In view of the foregoing and other considerations, all claims are deemed in condition for 
allowance. A formal indication of allowability is earnestly solicited. 

The Commissioner is authorized to charge the undersigned's deposit account #14-1 140 in 
whatever amount is necessary for entry of these papers and the continued pendency of the 
captioned application. 

Should the Examiner feel that an interview with the undersigned would facilitate 
allowance of this application, the Examiner is encouraged to contact the undersigned. 

Respectfully submitted, 
NIXON & VANDERHYE P.C. 



LB:tlm 

901 North Glebe Road, 1 1th Floor 
Arlington, VA 22203-1808 
Telephone: (703) 816-4000 
Facsimile: (703) 816-4100 



By: 



/Lconidas Boutsikaris/ 



Leonidas Boutsikaris 
Reg. No. 61,377 
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